DEBIAN-CVE-2022-50563

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

UBUNTU-CVE-2023-53712

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

UBUNTU-CVE-2023-53725

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

UBUNTU-CVE-2023-53727

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: avoid stalls in fqpietimer When setting a high number of flows limit being 65536, fqpietimer is currently using too much time as syzbot reported. Add logic to yield the cpu every 2048 flows less than 150 usec on...

UBUNTU-CVE-2022-50563

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

CVE-2023-53728 posix-timers: Ensure timer ID search-loop limit is valid

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posixtimeradd tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID...

CVE-2023-53728

The CVE affects the Linux kernel’s posix-timers path, where posix_timer_add() allocates timer IDs by scanning from a cached, last-allocation ID. The loop that searches for a free ID is not properly synchronized with the starting value, because start is read locklessly while the hash lock is acqui...

CVE-2023-53728 posix-timers: Ensure timer ID search-loop limit is valid

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posixtimeradd tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID...

CVE-2023-53727

CVE-2023-53727 (Linux kernel) : The vulnerability resides in net/sched fq_pie where fq_pie_timer() could stall when configuring a very high number of flows (65536). The fix adds logic to yield the CPU every 2048 flows, reducing stall time to under 150 microseconds on debug kernels and preventing ...

CVE-2023-53725

CVE-2023-53725 affects the Linux kernel Cadence TTC clocksource driver, specifically the ttc_timer_probe path. The vulnerability is described as a memory leak caused by the base IO mapping not being released. The provided fixes replace the non-managed iomap usage with devm_of_iomap() and add clea...

CVE-2023-53725 clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

CVE-2023-53712

CVE-2023-53712 relates to the Linux kernel ARM kexec crash handling where the SMP stop notification can be triggered synchronously with interrupts disabled during a crash path. The root issue occurs when a panic is caused by a hrtimer interrupt, which would notify all online CPUs and set them off...

CVE-2022-50563

CVE-2022-50563 (Linux kernel) describes a use-after-free in the dm thin subsystem when concurrent dm_resume() and dm_destroy() trigger run_timer_softirq(). The root cause is that dm_resume() can re-arm a timer after dm_destroy() has not cancelled it due to suspend status, leading to the timer fir...

CVE-2022-50563 dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

CVE-2022-50563 dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

WordPress plugin WPC Countdown Timer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an invalid timer ID search loop limit in the posixtimeradd function, which could lead to an infinite loop...

PT-2025-43176

Name of the Vulnerable Software and Affected Versions WPClever WPC Countdown Timer for WooCommerce versions through 3.1.4 Description The WPC Countdown Timer for WooCommerce software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored...

PT-2025-43128

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-syzkaller-00453-g727dbda16b83 Description The Linux kernel contains an issue within the networking scheduler related to the fq pie Fair Queueing Packet Identifier implementation. Specifically, the fq pie...

PT-2025-43126

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ttc timer probe function within the cadence-ttc timer driver. The timer baseaddr resource, obtained through of iomap, was not consistently...